Invisible Captcha Concept – Stop Spam Mail

Captcha forms, having to type in obscure numbers and letters into a form to verify you’re a human is almost as annoying as receiving spam its self. I’ve spent some time thinking about an alternative to a captcha form that still detects if the form submission is spam without the need for users to enter an annoying code, here is the solution I’d like to share with you.

The theory is as follows; when a spam bot comes to your website, it does not see your website as regular users, nicely styled with CSS… it sees code, specifically forms, textareas and text inputs, then it fills them out and submits the form.

How do you stop this without a captcha form?

Create a text input field & hide it with CSS.

[sourcecode language=”xml”]

Please leave blank:

[/sourcecode]

Create a textbox that the bot will presume is just a field it can exploit with rubbish and label it with an indicator to let any viewers without the privileges of CSS know that it is to be left blank.

Most anti-spam systems do not scale – they fail as soon as they become popular. That is because spam bot herders are real people who like gaming our antispam systems.
How long will it take for a spammer to write a rule for his bots not to fill anything in that “invisible captcha field”?
It’s just an endless arms race between spammers and us to keep our systems relevant. So I take the side of reCaptcha, it seems just as good as anything else on the long term.

Bogdan thanks for your comment.. the whole idea behind this is that the spam bot does not know if the field is hidden or not so it presumes it is another field that can be exploited. Sure if everybody started using this script someone would develop a way to ignore it very easily by just telling the spam bot to omit any fields with a specfic name or class.. and in which case we then change the name or class!

The only way they could destroy the whole concept is if the bot was able to query the stylesheet and then reference classes that apply to the containing html elements of the field to deduce if its is hidden by CSS or not, that would not be an easy task.

Besides, the beauty of this is it is not mainstream like capcha or the others so the few people who have found this and who use it can rest assured that works great and its unlikely to be hacked any time soon.

The REAL beauty of the Invisible Captcha is that it doesn’t inconvenience users of the site, and that it’s a completely accessible technology — usable by screen readers, braille devices &c — because there’s nothing there!

Thanx for this; I’ll be putting something similar in my forms from now on.

The CSS handling is not difficult at all, there are CSS libraries out there that will calculate this for you. It might be a bit trickier if it works by hiding the field behind some other div, but still this can be calculated.

Furthermore, the problem is that this request parameter keeps stable. So even without CSS calculation you just need to know which parameter(s) to skip for certain websites. It’s like a fixed password.